On January 18, the New Hampshire legislature passed on a bipartisan basis its version of the state comprehensive privacy law first adopted by Virginia in 2021 and subsequently by more than ten other states, most recently New...more
The Vermont Legislature is considering its version (S.173) of Washington’s My Health My Data Act to regulate non-HIPAA health data. If enacted, the Vermont law would take effect on January 1, 2025. The bill is premised on a...more
1/26/2024
/ Data Protection ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Healthcare ,
Patient Privacy Rights ,
Pending Legislation ,
Personal Data ,
Regulatory Agenda ,
Regulatory Reform ,
State Data Privacy Laws ,
Vermont
To close out 2021, the European Data Protection Board (EDPB) adopted additional General Data Protection Regulation (GDPR) data breach notification guidelines in Guidelines 01/2021 on Examples regarding Personal Data Breach...more
3/7/2022
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Protection ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
New Guidance ,
Personal Data ,
Popular ,
Reporting Requirements
This month, Colorado became the third U.S. state to enact a comprehensive cross-industry privacy law. Colorado is following an international trend. Many foreign countries have adopted similar privacy laws, inspired by the...more
On June 2, 2021, Nevada Governor Steve Sisolak signed SB260, which expands Nevada consumers’ right to opt out of the sale of personal data to include data brokers in addition to website owners. The revised law—the first of...more
On March 2, Virginia Governor Ralph Northam signed the Consumer Data Protection Act (CDPA), making Virginia the latest state to enact a cross-industry privacy rights law. The CDPA displays a blend of concepts from two leading...more
3/5/2021
/ Consumer Privacy Rights ,
Data Collection ,
Data Controller ,
Data Management ,
Data Privacy ,
Information Governance ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
State Privacy Laws ,
Virginia
Key Takeaways:
- EU-U.S. Privacy Shield Framework invalidated
- Standard Contractual Clauses governing transfers between controllers and processors upheld, but arguably may not be valid on their face without additional...more
7/17/2020
/ Court of Justice of the European Union (CJEU) ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
Facebook ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Risk Management ,
Schrems I & Schrems II ,
Standard Contractual Clauses